Security Industry Must Drive Up Attacker Costs, Says Palo Alto Networks CEO

The security industry needs to make it increasingly difficult for cybercriminals to carry out attacks, and to do so with technology that isn't too complex and doesn't require the resources of large IT teams, said Palo Alto Networks president and CEO Mark D. McLaughlin.

Speaking Tuesday to some 2,000 network security pros and IT leaders attending the 2014 Palo Alto Networks Ignite user conference in Las Vegas, McLaughlin said the total cost of ownership of security platforms needs to decline over time and not be hampered by costly response and remediation activities.

"We need to move from an incident response mindset to a proactive mindset," McLaughlin said. "The old way of detect and remediation just seems like it isn't going to work."

McLaughlin, formerly president and CEO of Verisign, took the helm at Palo Alto Networks in 2011. He referred to his company's recent acquisition of Israel-based endpoint protection vendor Cyvera as a strategy to increase visibility at the endpoint and boost threat intelligence. Cyvera specializes in detecting and blocking exploitation techniques used by malware. Data collected by Cyvera will be fed into the company's cloud-based WildFire file behavior-analysis engine. Palo Alto Networks also acquired Morta Security, a Silicon Valley-based security startup, in January. The firm specializes in tracking threat movements within an organization.

The acquisitions will ultimately be integrated into a full platform that automates many incident response processes, McLaughlin said. Businesses are taking up increasingly complex operational burdens and expenses associated with legacy systems, he said.

"It's very difficult and almost not possible to have intelligence if you don't have visibility," he said. "We need to raise the bar but do it at an acceptable cost of technology, and [with] the limited resources you have to do it."

Palo Alto Networks' line of next-generation firewalls competes against FireEye, which has gained attention for its virtualized sandbox platform designed to detect custom malware and other so-called advanced threats. Palo Alto sells its cloud-based WildFire subscription service to perform similar malware analysis of Windows-based files. In addition to Check Point Technologies and Fortinet, competitors include Cisco Systems, with its acquisition and initial integration of Sourcefire, and Intel Security (formerly McAfee), with its Stonesoft acquisition.

Virtual sandboxing is quickly becoming a commodity with network appliance makers adding the capability to declare advanced threat protection technology, said Pete Lindstrom, vice president at research firm Spire Security, in a recent interview. The latest entrant, WatchGuard Technologies, announced a partnership this week with Redwood Shores, Calif.-based startup Lastline to perform custom malware analysis.

"If these vendors are going to continue to grow, they have to continue to build out their capabilities and establish a more robust platform," Lindstrom said.

Palo Alto Networks partners in the channel praise the company's 100 percent channel model and its ability to add new features and capabilities while keeping it less complex for smaller firms. Sales of the Palo Alto Networks appliance line have grown every year, said Daniel Payne, chief technology officer at Evansville, Ind.-based Pinnacle Computer Services, an early partner. Newer devices are more affordable, opening up business to small businesses, Payne said.

"There's no shortage of orders," Payne said. "We make recommendations on sales, and typically when someone does get compromised they tend to come back and order a unit."

Payne agrees with McLaughlin's message. He said he hasn't seen a big uptake in subscriptions to Palo Alto Networks' WildFire service, because it appeals to larger businesses that have specialized IT teams on staff monitoring and responding to alerts. Larger firms also are generally more interested in the firm's Panorama centralized policy and device management for visibility into multiple firewalls on the network, Payne said.